Architecture Overview
A technical deep-dive into DepGraph's stack, data flow, and infrastructure decisions.
Tech Stack
| Layer | Technology |
|---|---|
| Frontend | Next.js 14 (App Router) |
| Database | PostgreSQL (Supabase) |
| Cache | Redis (Upstash) |
| Auth | NextAuth.js + GitHub OAuth |
| Hosting | Vercel |
| Payments | Razorpay |
| Resend |
Data Flow
From a single CLI command to a fully scored report:
Caching Strategy
All upstream signals are aggressively cached to stay within GitHub API rate limits and minimise latency.
| Data | TTL | Redis Key Pattern |
|---|---|---|
| Package score | 24h | pkg:score:npm:{name} |
| GitHub signals | 6h | github:repo:{owner}:{repo} |
| npm metadata | 12h | npm:meta:{name} |
| OSV data | 24h | osv:npm:{name} |
| Full scan report | 1h | scan:report:{lockfileHash} |
Rate Limits
- —GitHub API: 5,000 req/hr (authenticated) — queue pauses at < 100 remaining
- —npm registry: No auth required, generous limits
- —OSV.dev: Free, no auth required
Deployment
- —Web: Vercel — auto-deploys from
main - —Cron: Vercel Cron —
GET /api/cron/daily-tasksat 08:00 UTC daily - —Environment: See
.env.examplein the repo for all required variables